XehookStealer
Intelligence Profile
Xehook is a .NET-based malware family targeting Windows systems. It collects data from Chromium- and Gecko-based browsers and supports over 110 cryptocurrencies and 2FA extensions. CRIL found a potential link between Xehook Stealer, Agniane, and the Cinoshi project, suggesting a progression from a free MaaS model to the development of Xehook Stealer. SmokeLoader binaries were identified as a common vector for distributing Xehook Stealer. Xehook Stealer has code overlaps with Agniane Stealer, indicating an evolutionary relationship.
Threat Analysis
XehookStealer is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.